Information security administrators face numerous challenges today. Rapidly increasing attacks through computing networks, such as the global interconnection of computing devices and computing networks commonly referred to as the Internet, coupled with the persistent threat of insider abuse, demand the attention of sophisticated staff, often on a day-to-day basis. Administrators often choose to implement systems designed to prevent unauthorized access to or from private networks, such as security devices, or client security devices, like firewalls and Intrusion Detection Systems (IDSs).
A firewall can generally be described as a system designed to prevent unauthorized access to or from a computer network, such as an intranet. Firewalls can generally be implemented in either hardware or software, or a combination thereof. Messages entering or leaving the protected network pass through the firewall, which examines traversing messages and blocks those that do not meet specified security criteria.
IDSs generally inspect inbound and outbound network activity and identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a network or system.
However, as network operators, such as corporations, deploy more and more security solutions like firewalls and IDSs to protect against threats, the amount of data generated by these solutions becomes more and more overwhelming, in terms of both volume and specificity. In order to adequately protect computer information assets on a full-time basis, information security staff should typically consider data from many security devices and systems constantly. Administrators can attempt to consolidate this data for viewing purposes, but often the real-time analysis capabilities of commercially available consolidation software, like Cyberwolf, fail to provide meaningful information in an efficient manner, because the selected pieces of data of particular value are buried within voluminous data sets.
Further exacerbating the situation, it is believed that many organizations find it difficult to staff the security expertise required to effectively process security data. Since network and system attacks generally occur around the clock, the ability to analyze and respond to the information provided by security devices and solutions, in general and in real time, is often what separates the success from the failure of network or system assaults.
Thus, a need exists for a system and method that is designed to overcome this challenge. Such a managed security services system would preferably include a capability to process and analyze the massive amounts of data generated by security devices throughout a client's enterprise and provide corporate information security staff with the intelligence helpful in understanding and responding to security threats in substantially real-time.